Blender

Tool updated a year ago (2024-08-14T17:50:01.220Z)

Download STIX

Preview STIX

Blender, a renowned threat actor known for its involvement in the cybersecurity landscape, has recently been under scrutiny due to its alleged role in facilitating illegal transactions. Last year, the US imposed sanctions on crypto mixers Tornado Cash and Blender, targeting them as part of a broader crackdown on Lazarus Group options such as Bitcoin-based mixers Blender and Sinbad. The shift back to decentralized mixers like Blender is believed to be a reaction to law enforcement actions against large-scale services like Sinbad and Blender. In a significant development, Blender, along with Tornado Cash, is suspected of assisting North Korean threat actors in laundering $475m from an attack on Axie Infinity, funds that are likely to be channeled into the country's weapons and nuclear programs. The Blender Foundation, associated with the open-source 3D creation suite, not the threat actor, found itself at the center of a major Distributed Denial of Service (DDoS) attack that temporarily disrupted its server operations. The origins of the attack remain unknown, but the Blender Foundation promptly acknowledged the incident through an official statement. Despite the challenge posed by the attack, the Blender community, renowned for its resilience and collaborative spirit, quickly mobilized to address the situation head-on. In the wake of these events, six other foundations - Apache, Blender, OpenSSL, PHP, Python, and Rust - initiated a Brussels-based working group tasked with developing common specifications for secure software development. Drawing on their extensive open-source experience, they aim to establish standards for coordinated disclosure, peer review, and release processes. The Blender Foundation used its communication channels to keep its community informed, demonstrating transparency during the crisis and underscoring the commitment of the open-source community to protect its assets.

Description last updated: 2024-05-04T16:56:25.131Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Sinbad is a possible alias for Blender. Sinbad is a threat actor suspected to be operated by North Korean operatives, primarily for the purpose of laundering stolen cryptocurrency. According to Chainalysis, Sinbad processed $24 million in December and January, indicating its use as a new mixing service. However, it's effectiveness is yet	3

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Malware

Sinbad

Tornado Cash

Source

Python

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Stealc Malware is associated with Blender. StealC is a form of malware that specifically targets browser extensions and password managers. Its emergence was first reported in early 2023 and it quickly grew in popularity on the dark web due to its ability to bypass traditional security measures. The malware's modus operandi involves stealing	Unspecified	2

Source Document References

Information about the Blender Tool was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	17 days ago	Morphisec warns StealC V2 malware spread through weaponized blender files
InfoSecurity-magazine	18 days ago	Russian-linked Malware Campaign Hides in Blender 3D Files
CERT-EU	3 years ago	IRC Proceedings: Friday, March 31, 2023
CERT-EU	3 years ago	North Korea shows off surveillance satellite
CERT-EU	3 years ago	Malvertising campaigns mimicking popular software downloads to infect users and steal credentials, HP Wolf Security reports – Global Security Mag Online
CERT-EU	2 years ago	US Treasury proposes crypto mixer-crackdown to end anonymous transactions
DARKReading	2 years ago	Feds Seize 'Sinbad' Crypto Mixer Used by North Korea's Lazarus
CERT-EU	2 years ago	Over $3M worth of crypto amassed by North Korean hackers
Securelist	3 years ago	Malvertising in Google search results delivering stealers
CERT-EU	3 years ago	Meet the Creator of North Korea’s Favorite Crypto Privacy Service \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker - National Cyber Security
CERT-EU	2 years ago	Tornado Cash 'laundered over $1B' in criminal cryptocurrency
CERT-EU	3 years ago	Malvertising attacks are distributing .NET malware loaders
CERT-EU	3 years ago	Meet the Creator of North Korea’s New Favorite Crypto Privacy Service
CERT-EU	3 years ago	North Korea's Lazarus Group linked to Atomic Wallet heist
CERT-EU	2 years ago	US Treasury unit proposes stepping up scrutiny of crypto mixers
BankInfoSecurity	2 years ago	Open-Source Foundations Join Forces on Digital Supply Chain
BankInfoSecurity	2 years ago	Cryptohack Roundup: Ray Eviscerates Bankman-Fried
CERT-EU	2 years ago	Lazarus Group taps Tornado Cash to launder Heco Bridge, HTX hack proceeds \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	2 years ago	Blender’s Battle: Triumph Over DDoS Adversity
CERT-EU	3 years ago	Sanctioned cryptocurrency tool appears to reemerge under new name